Author: Olaoluwa Osuntokun 2021-05-13 01:06:21
Published on: 2021-05-13T01:06:21+00:00
Antoine Riard, a Bitcoin Core developer, has identified two defects in the Bitcoin Core BIP 125 logic and the Lightning Network (LN) codebase that could have security implications for downstream projects. The first defect, in the Bitcoin Core BIP 125 logic, is a divergence between specification and implementation: per the BIP 125 specification, an unconfirmed child transaction with nSequence = 0xff_ff_ff_ff that spends an unconfirmed parent signaling replaceability through its own nSequence signals "through inheritance", but the replacement code as implemented in Core's `PreChecks()` does not enforce this behavior. This gives attackers an opportunity to pin with an opt-out child without a higher fee than the honest competing transaction, leading to reduced odds of a confirmation ending the pinning and thereby lowering the cost of the attack.
The second defect relates to the Lightning Network (LN) codebase. The flaw involves a pinning transaction that signals "RBF opt-in" through nSequence, with a child opting out from the RBF policy, which was inconsistent with the inherited signaling mechanism described in BIP 125. After confirming the divergence between Bitcoin Core and BIP 125, Riard disclosed the issue to Dave Harding, who pointed out that the defect has been present since 2015 and advised considering the security implications for deployed second-layer protocols.
LN node operators concerned by this defect might prefer anchor output channels, which fully mitigate this specific pinning vector. On-chain DLC/Coinswap/Vault protocols also have multiple stages of execution with time-sensitive transactions, opening the way to pinning attacks, so any in-protocol competing transactions should explicitly signal RBF.
The defect was disclosed to the LN project maintainers, informing them that the anchor outputs protocol upgrade currently in deployment mitigates this defect while old channels remain vulnerable.
Antoine Riard believes that the underlying issues are the lack of an established policy for coordinated security disclosures between a base layer implementation and its downstream projects, the lack of a clear methodology to identify downstream projects affected by a transaction relay policy wreckage, and the lack of minimally-disruptive, emergency upgrade mechanisms implemented by downstream projects. The timeline of the discovery, report, disclosure, and acknowledgment of the issue is also provided. The defect was assigned CVE-2021-31876, and full disclosure was made to the bitcoin-dev mailing list.
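
The signaling divergence and the "explicitly signal RBF" recommendation above can be checked mechanically. The following is an added example, not code from Bitcoin Core or from the original post: a simplified model that flags unconfirmed transactions that are replaceable under the BIP 125 text only through inheritance. The `Tx` class, the function names and the sample mempool are constructed for illustration; the sequence threshold is the one given in BIP 125.

```python
from dataclasses import dataclass, field

# BIP 125: an input nSequence below 0xfffffffe signals replaceability.
MAX_BIP125_RBF_SEQUENCE = 0xFFFFFFFD

@dataclass
class Tx:
    txid: str        # constructed identifier, not a real txid
    sequences: list  # nSequence of each input
    parents: list = field(default_factory=list)  # txids of unconfirmed parents

def signals_explicitly(tx):
    """True if any input of the transaction itself carries an opt-in nSequence."""
    return any(seq <= MAX_BIP125_RBF_SEQUENCE for seq in tx.sequences)

def signals_per_bip125(tx, mempool):
    """BIP 125 text: explicit signaling, or inherited from an unconfirmed ancestor."""
    stack, seen = [tx], set()
    while stack:
        cur = stack.pop()
        if cur.txid in seen:
            continue
        seen.add(cur.txid)
        if signals_explicitly(cur):
            return True
        stack.extend(mempool[p] for p in cur.parents if p in mempool)
    return False

def relies_on_inheritance(mempool):
    """Txids replaceable by the BIP 125 text but not under an explicit-only check,
    i.e. the transactions affected by the divergence described above."""
    return sorted(t.txid for t in mempool.values()
                  if signals_per_bip125(t, mempool) and not signals_explicitly(t))

# Constructed sample mempool (all values are illustrative).
SAMPLE = {t.txid: t for t in [
    Tx("parent", [0xFFFFFFFD]),                       # explicit opt-in
    Tx("child_optout", [0xFFFFFFFF], ["parent"]),     # inherits only
    Tx("child_explicit", [0x00000000], ["parent"]),   # explicit opt-in
    Tx("final_parent", [0xFFFFFFFF]),                 # no signal
    Tx("final_child", [0xFFFFFFFE], ["final_parent"]),  # no signal anywhere
]}

if __name__ == "__main__":
    for txid in relies_on_inheritance(SAMPLE):
        print(f"{txid}: signals only through inheritance; set nSequence explicitly")
```

A protocol implementer can run the same check over the time-sensitive transactions their software constructs and treat any hit as a transaction that should carry an explicit opt-in nSequence.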
Updated on: 2023-05-21T02:26:22.452927+00:00